essensys Global Privacy Notice

This Privacy Notice (“Notice”) covers how essensys PLC and/or each of the essensys-affiliated companies (collectively and/or individually “essensys”) handles personal data – whether you interact with us through essensys services (such as essensys Platform), on our websites, or in person (including by phone or email).

References in this Notice to “you” or “your” are references to those individuals whose personal data is processed.

References in this Notice to “our”, “we” or “us” are references to essensys PLC and/or each of the essensys-affiliated companies either collectively and/or individually.

 

What Is Personal Data?

Data that directly identifies you, and data that does not directly identify you but that can reasonably be used to identify you, is personal data.

 

Personal data essensys collects from you

The personal data essensys collects depends on how you interact with essensys.

We aim to collect only the personal data that we need.

 

We may collect personal data, including:

Usage Data – Data about user activity on essensys services including browsing history; search history; product interaction; crash data; performance and other diagnostic data; and other usage data.

Device Information – Data from which your device could be identified, such as device serial number, Mac address, or about your device, such as browser type.

Contact Information – Data such as name, email address, physical address, phone number, or other contact information.

Account Information – Your essensys account details, including linked email address(es).

Transaction Information – Data about purchases of essensys products and services or transactions facilitated by essensys.

Fraud Prevention Information – Information like marketplace services and voice services to help identify and prevent fraud.

Other Information You Provide to Us – Such as the content of your communications with essensys, including interactions with customer success and support and contact made through social media channels e.g., LinkedIn.

Personal Data essensys Receives from Other Sources – essensys may receive personal data about you from other individuals, from businesses or third parties acting at your direction, from our partners who work with us to provide our products and services and assist us in security and fraud prevention, and from other lawful sources.

 

For research and development purposes, we may use datasets that could be associated with an identifiable person. When acquiring such datasets, we do so in accordance with applicable law, including law in the jurisdiction in which the dataset is hosted. When using such datasets for research and development, we do not attempt to reidentify individuals who may appear therein. For further information on how your personal information is processed, you can email [email protected].

 

essensys’ Use of Personal Data – essensys uses personal data to perform its services, to process your and customers’ transactions, to communicate with you, for security and fraud prevention, and to comply with the law. We may also use personal data for other purposes with your consent. We collect, use, store, and transfer different kinds of personal data about you. We have grouped the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this Notice:

  • “Marketing and Communications Data”: including information on when you receive and read marketing communications from us, which of our events you attend, and marketing and communication preferences (unless you provide such preferences in your profile on our electronic portals and platforms in which case, they constitute Profile Data). Additional information about the personal data we process in connection with marketing is included in the marketing communications we send you;
  • “Usage Data”: includes information about your use of our Website, our electronic portals and platforms, as well as our local area networking facilities (including Wi-Fi) and similar electronic services, such as interactions with our mobile applications, information collected progressively when you visit our Website, electronic portals and platforms, including your referral website, pages you visit, actions you take, information on last viewed/visited site and details of the content viewed including when and how many times the content was viewed, patterns of page visits, time details per visits (e.g. visit duration, number of visits, time spent on each page, frequency of visits), details about the path followed with special reference to the sequence of pages visited, interactions, functionalities and modules used, chat messages;
  • “Technical Data”: includes technical information collected when you access our Website, our electronic portals, and platforms which we offer or which we have agreed with you to use, including your internet protocol (IP) address or domain names of the devices utilised, your login data, browser type, and version, uniform resource identifier (URI) address, time zone setting, and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using;

 

Furthermore, you have the right to withdraw consent from any processing activities that you had consented to before.

 

Purposes and legal basis for which we will use your personal data:

Category of personal data

Purpose of processing

Legal basis

Marketing and Communications

  • To manage our relationship with you which will include notifying you about changes to our terms of business
  • To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities
  • To invite you to take part in marketing or other promotional events, or client seminars, or similar events, and to manage your participation in them
  • To identify services or products which might interest you, and to send marketing (including paper and electronic marketing communications) or to contact you by other means to offer you our client services or visitor services
  • To ask you for feedback in the form of a survey, about our service, or visitor services, and to manage, review and act on the feedback we are getting
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate interests of essensys to run its business operations
  •  Legal or regulatory obligation
  • Legitimate interests of essensys to preserve the security of its services
  • Consent
  • Consent
  • Consent

Usage Data

  • To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities
  • To invite you to take part in marketing or other promotional events, or client seminars, or similar events, and to manage your participation in them
  • To identify services or products which might interest you, and to send marketing (including paper and electronic marketing communications) or to contact you by other means to offer you our client services or visitor services
  • To manage and protect our business and our website, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting
  • To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you
  • To use data analytics to improve our website, our services, marketing, customer relationships, and experiences
  • Legitimate interests of essensys to preserve the security of its services
  • Legal or regulatory obligation
  • Consent
  • Consent
  • Legitimate interests of essensys to preserve the security of its services
  • Consent
  • Consent

Technical Data

  • To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities
  • To invite you to take part in marketing or other promotional events, or client seminars, or similar events, and to manage your participation in them
  • To identify services or products which might interest you, and to send marketing (including paper and electronic marketing communications) or to contact you by other means to offer you our client services or visitor services
  • To manage and protect our business and our Website, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting
  • To deliver relevant Website content to you and measure or understand the effectiveness of the content we serve to you
  • To use data analytics to improve our website, our services, marketing, customer relationships, and experiences
  • Legitimate interests of essensys to preserve the security of its services
  • Legal or regulatory obligation
  • Consent
  • Consent
  • Legitimate interests of essensys to preserve the security of its services
  • Consent
  • Consent
  • Identity Data
  • Contact Data
  • Financial Data
  • Services Data
  • Professional Information
  • Professional History
  • Special categories of Personal Data
  • To process transactions, essensys may collect data such as your payment and purchase information, and your name
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate interests of essensys to run its business operations
  • Identity Data
  • Contact Data
  • Financial Data
  • Services Data
  • Professional Information
  • To comply with applicable law – for example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request
  • Legal or regulatory obligation
  • Identity Data
  • Contact Data
  • Profile Data
  • Professional Information
  • Technical Data
  • Usage Data
  • To protect individuals and essensys and for loss prevention and to prevent fraud, for the benefit of all our users, and pre-screening or scanning uploaded content for potentially illegal content
  • Legitimate interests of essensys to preserve the security of its services

 

essensys uses your personal data only when we have a legal basis to do so – Depending on the circumstance, essensys may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, protect your vital interests or those of other persons, or to comply with the law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations. If you have questions, you can contact us and/or our  Data Protection Officer at [email protected].

 

Your legal rights – You have certain rights under data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule, or regulation relating to the processing of your personal data. The details of your rights are as follows –

  • To access personal data; and
  • To have inaccurate personal data rectified; and
  • To have personal data erased in certain circumstances; and
  • To restrict the processing of personal data in certain circumstances; and
  • To data portability; and
  • To object to the processing of personal data in certain circumstances, including where personal data is used for marketing purposes; and
  • Unless an exemption applies not to be subject to solely automated decisions where the decision produces a legal effect or a similarly significant effect.

 

You may exercise these rights by contacting the DPO, via email to [email protected] or by post to the registered office address of the essensys company that you wish to contact.

These rights may also be exercised verbally. If you make a request verbally you may be asked to validate any written record of the request that we make.

There will be circumstances where your identity is already confirmed and consequently there is no further requirement to confirm identity. In other cases, there will be a need to obtain that confirmation, ideally at the time the request is made. Typically you will be required to provide documentary evidence of your full name and current address.

Please provide sufficient information to enable us to administer your request.

In addition to this, you also have the right to lodge a complaint with your local supervisory authority. It is preferred to first raise the complaint with us and then approach your local supervisory authority.

 

essensys retains personal data only for so long as necessary to fulfil the purposes for which it was collected, including as described in this Notice or in any relevant essensys service-specific privacy notices, or as required by law.

 

We will retain your personal data for the period necessary to fulfil the purposes outlined in this Notice and in any relevant essensys service-specific privacy summaries. When assessing retention periods, we assess whether it is necessary to retain the personal data collected and, if retention is required, work to retain the personal data for the shortest period permissible under the applicable law.

 

essensys’ Sharing of Personal Data – essensys may share personal data with other essensys-affiliated companies, service providers who act on our behalf, and others at your direction.

 

Service Providers – essensys may engage third parties to act as its service providers and perform certain tasks on our behalf, such as processing or storing data, including personal data, in connection with your use of our services and delivering services to customers. essensys service providers are obligated to handle personal data consistent with this Notice and according to our instructions.

Others – essensys may share personal data with others at your direction or with your consent, such as when we share information with a carrier or a relevant customer, where you are a user of essensys services, but are not necessarily an essensys customer. We may disclose information about you where there is a lawful basis for doing so if we determine that disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users, or in the event of a reorganization, merger, or sale. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, or where disclosure is necessary or appropriate.

Protection of Personal Data at essensys

We use administrative, technical, and physical safeguards to protect your personal data, considering the nature of the personal data and the processing, and the threats posed. For more information, see our technical and organisational security measures https://essensys.tech/technical-and-organisational-measures/.

 

Transfer of Personal Data Between Countries –

Your personal data may be transferred to or accessed by entities around the world, including essensys-affiliated companies, to perform processing activities such as those described in this Notice in connection with the use of our products and services. essensys complies with applicable and relevant laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.

The essensys entity that controls your personal data may differ depending on where you live. Personal data may be controlled by various essensys entities. By way of example, if you do not reside in the United States of America, your personal data may be processed by essensys, Inc. and other essensys-affiliated companies on behalf of the essensys entity controlling personal data for your jurisdiction.

Personal data relating to individuals in the European Economic Area and Switzerland may be controlled by essensys (Europe) BV in the Netherlands. Personal data relating to individuals in the United Kingdom may be controlled by essensys (UK) Limited or essensys PLC, as relevant, both within the United Kingdom. If you wish to contact the controller/s, you may do so via email to [email protected].

We may transfer your personal data collected in the European Economic Area, the United Kingdom, and Switzerland to third countries only when strictly necessary and always in compliance with the applicable laws.

For transfers of personal data between the UK, EEA, and/or Switzerland, essensys relies on the applicable EU Commission adequacy decisions.

Following the adequacy decision granted to the United States by the European Commission, essensys is certified under, and currently relies on, the EU-U.S. Data Privacy Framework as a legal basis for transferring personal data from the EU to the United States. Additionally, the UK extension to the EU-U.S. Data Privacy Framework serves as the basis for data transfers from the UK to the United States. You can verify our participation in the EU-U.S. Data Privacy Framework here: https://www.dataprivacyframework.gov/s/participant-search

 

essensys PLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. essensys PLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. essensys PLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

 

Specific to our compliance with the Data Privacy Framework Principles, essensys affirms the following:

We are subject to the oversight and enforcement authority of the United States Federal Trade Commission. We acknowledge the right of EU, UK, and Swiss individuals to access their personal data that has been transferred to the United States and to amend or correct outdated or inaccurate information.  Furthermore, said individuals have the right to erasure of personal data that has been handled in violation of the DPF Principles. Individuals wishing to exercise these rights may do so by contacting essensys at [email protected] We may be required to release personal data in response to lawful requests from public authorities including to meet national security and/or law enforcement requirements. We remain liable for the transfer of EU, UK, and/or Swiss personal data to third parties acting as our agents unless we can prove we were not a party to the event giving rise to the damages.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, essensys, Inc. commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF. EU and UK individuals with inquiries or complaints should first contact [email protected].

essensys, Inc. has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

 

For transfers of UK data subject personal data to non-adequate third countries, essensys uses Standard Contractual Clauses/the UK International Data Transfer Agreement. For transfers of EEA data subject personal data to non-adequate third countries, essensys uses the EU Standard Contractual Clauses.

If you wish to obtain a copy of the transfer safeguards, please contact ­[email protected].

Personal data relating to individuals in other territories may be processed by essensys in countries outside of that territory. Where this occurs, it will be done in compliance with local laws. As outlined in this Notice, essensys may also transfer such personal data to third parties, who may in turn store or transfer the data outside of the individual’s territory.